64 matches found
CVE-2026-48943
K2 ≤ 2.24 contains a mass-assignment defect in the K2 system user plugin plguserk2. A Registered Joomla user, by including the field K2UserForm=1 in a standard comusers profile.save POST, can write arbitrary values into the notes, image, and plugins columns of their own row in the k2users table —...
CVE-2026-29202
Insufficient input validation of the plugin parameter of the createuser plugin allows arbitrary Perl code execution on behalf of the already authenticated account's system user...
AVideo: IDOR - Any Admin Can Set Another User's Channel Password via setPassword.json.php
Summary The setPassword.json.php endpoint in the CustomizeUser plugin allows administrators to set a channel password for any user. Due to a logic error in how the submitted password value is processed, any password containing non-numeric characters is silently coerced to the integer zero before...
CVE-2025-69293 WordPress Final User plugin <= 1.2.5 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in e-plugins Final User final-user allows Privilege Escalation.This issue affects Final User: from n/a through = 1.2.5...
CVE-2025-69293 WordPress Final User plugin <= 1.2.5 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in e-plugins Final User final-user allows Privilege Escalation.This issue affects Final User: from n/a through = 1.2.5...
CVE-2025-69187 WordPress Final User plugin <= 1.2.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in e-plugins Final User final-user allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Final User: from n/a through = 1.2.5...
CVE-2025-69187 WordPress Final User plugin <= 1.2.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in e-plugins Final User final-user allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Final User: from n/a through = 1.2.5...
CVE-2025-69187
CVE-2025-69187 is reported as a Missing Authorization vulnerability in the WordPress plugin Final User (Final User/ final-user), affecting versions from n/a through <= 1.2.5. The CVSS vector (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) yields a base score of 7.3 (High) with network attack vector, low...
WordPress Final User plugin <= 1.2.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Final User versions = 1.2.5...
EUVD-2020-16575
Malware in sbrugna...
EUVD-2021-11946
Malware in sbrugna...
EUVD-2022-51859
Malicious code in bioql PyPI...
EUVD-2025-25633
Malicious code in bioql PyPI...
PT-2025-34522 · WordPress · Bravis User
Name of the Vulnerable Software and Affected Versions: Bravis User plugin for WordPress versions up to and including 1.0.0 Description: The plugin does not properly log in a user with data verified through the facebook ajax login callback function, leading to authentication bypass. This allows...
WordPress plugin Bravis User 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress Bravis User plugin <= 1.0.0 - Authentication Bypass to Account Takeover vulnerability
Authentication Bypass to Account Takeover vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Bravis User versions = 1.0.0...
WordPress Case Theme User plugin <= 1.0.3 - Authentication Bypass via Social Login vulnerability
Authentication Bypass via Social Login vulnerability discovered by Foxyyy in WordPress Plugin Case Theme User versions = 1.0.3...
CVE-2023-0043
The Custom Add User WordPress plugin through 2.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-27890
The Export User plugin through 2.0 for MyBB allows XSS during the process of an admin generating DSGVO data for a user, via the Custom User Title, Location, or Bio field. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
CVE-2022-4519
The WP User plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...